Disable “local security authority protection is off” – Microsoft Windows 11 Fix

Disable local security authority protection is off - Microsoft Windows 11 Fix

Introduction

This bug has been causing problems for Windows 11 users since March 2023, and it’s still unresolved.

Local Security Authority (LSA) is an essential security feature in any version of Windows, responsible for enforcing security policies.

To protect it from malicious actors, this feature comes enabled by default in all installations of Windows 11.

But a false warning appears when you turn off the feature that reads “Local Security authority protection is off. Your device may be vulnerable”, which can’t be removed despite rebooting the system and multiple attempts by Microsoft to fix it through Windows Defender updates.

It seems like users will have to wait a bit longer to get rid of this annoying message – though we don’t know when exactly that’ll happen.

Moving on…

Local Security Authority Protection Disabled Alert on Windows – The Underlying Causes

Have you recently seen a yellow exclamation mark in your security settings?

That could be because the LSA process has been affected.

Usually, users disable Local Security Authority (LSA) protection from Task Manager as it can use a lot of system resources. But if it isn’t running, there are three possible causes:

Cause Explanation
Corrupt Windows Update Installed update on PC caused LSA to turn off
Secure Boot Settings Reset Basic security feature disabled, affects other programs including LSA
Group Policy Editor Changes Unnecessary changes caused LSA to be disabled

 

As such, it is important to understand the underlying issues and take appropriate measures to fix them.

Next up, let’s look at some easy fixes that can help normal users resolve this issue quickly.

What Makes the Local Security Authority Protection Turn Off?

You may be wondering why LSA is switched off, leaving you potentially exposed.

Faulty Windows updates are one of the leading causes, as they can corrupt and disable this feature.

Secure Boot being turned off can also deactivate the local security authority protection.

Lastly, if the Windows policy has been configured to disable LSA it will need to be changed to turn it back on via the local group policy editor (gpedit. msc).

Fixes:

1. Initiate Basic Diagnostic Procedures

Checking if your system is secure can help identify potential issues that make it vulnerable.

To start, first close all apps running on the device and restart it. After that, try to manually enable the feature in Core Isolation settings:

Feature Action
Open Windows Security App Navigate to Device Security tab
Turn on Toggle Under Local Security Authority Protection
Disable & Re-enable Restart Device
Temporarily Disable 3rd Party Software Ensure Interference Does Not Impact Feature

 

If none of these steps resolve the issue, you may need to take further measures. But for now, this should ensure the warning isn’t just a false flag.

2. Is The Warning Just a False Flag?

Verify that the warning you’re receiving isn’t just a false alarm to make sure everything’s running smoothly.

Open the Event Viewer app by searching ‘Event Viewer’ in Windows Search and navigate to Applications and Services Logs > Microsoft > Windows > LSA.

event_viewer_LSA

You can verify that LSA protection is enabled if you look for an event with ID 5004 associated with LSA protection and check if it is enabled and operational. 

If there is no such event, your feature might be disabled.

Try out the other fixes available and see if they work.

Don’t forget to install any pending Windows updates as well—they may bring patches that could help solve the issue you’re facing.

3. Reinitialize the Windows Security Tool

To fix the issue, try repairing and resetting the Windows Security app.

This will restore its original default settings, and help identify if any misconfigured settings are causing the problem.

Additionally, it will fix any underlying issues with the app’s functionality.

Benefits Drawbacks
Restores default settings Time-consuming process
Fixes underlying issues with functionality Can modify other configurations on your device that are unrelated to this issue
Helps identify misconfigured settings causing problems May not actually resolve the issue of ‘Local Security Authority protection is off’ error message being displayed

 

Repairing and resetting Windows Security can be a good way to ensure that recent changes to the app aren’t responsible for deactivating it

However, it may not always work as expected so additional troubleshooting steps should be taken.

4. Windows Updates – Install All Pending Ones

Now that we’ve established the warning is not just a false flag, it’s time to tackle the underlying issue.

To do this, you must install any pending Windows updates. To make sure your device is up to date and secure, start by referring to our guide on how to manually update Windows.

 

check_windows_updates

 

Then, run any available updates for Microsoft Defender antivirus antimalware platform KB5007651 (which was released in March 2023) as well as any other pending updates.

5. Remove Recently Added Non-Windows Applications (Third-Party)

If you recently installed a third-party app, it could be causing the issue with Windows Security – so go ahead and uninstall it.

To do that, follow our guide on how to uninstall any software from Windows.

Open the Settings app, navigate to Apps > Installed apps, and sort according to Date installed. Find the latest app and click the Uninstall button.

This should help resolve your security issues with Windows Security.

Now that this step is done, let’s take a look at repairing and resetting the application itself.

6. Check if the Virus / Malware Has Disabled the Feature

Checking for malware is essential to ensure that deactivating the feature isn’t its doing.

Running the Windows Defender malware scan is one of the most effective ways to do this. If any threats are detected, it’s important to take prompt action and remove them to protect your device from further damage.

After these steps have been taken, check the Core isolation settings again to make sure that no warnings appear. 

It’s important not only to keep your device secure but also to protect your credentials from being accessed by malicious actors online.

If the warning persists despite having removed any potential threats, then other methods should be explored to re-enable it.

7. Turn LSA ON Using the Windows Security Application

Enable LSA on your PC by using the Windows Security application. To begin, search for “Windows Security” in the Start Menu.

In the left panel of the screen, you will come across an option that reads “Device Security.” Select this and click on “Core Isolation details.”

 

LSA_Windows_Security

 

Here you will find the LSA toggle – switch it ON to activate Local Security Authority Protection on your device. If you can’t find it in shared locations, don’t fret; there are other methods available to turn it on too!

With Windows Security Application, enabling LSA is a piece of cake – just make sure to toggle it ON as soon as possible to ensure maximum protection for your device!

8. Enable LSA Protection Via Policy Editor on Windows

By using the Policy Editor on Windows, you can quickly turn on LSA Protection for your device.

This tool allows you to find and enable the Local Security Authority settings securely with only a few steps.

Firstly, press Windows+R on your keyboard to open the Run Search. Then type “GPEDIT.msc” into the command bar and hit enter.

Once you are in the local group policy editor, navigate to Computer Configuration > Administrative Templates > System > Local Security Authority and select the configured LSASS process to run as a protected process option.

 

LSA_GPE

 

Right-click it and choose ‘enable’ before restarting your computer for changes to take effect.

  Action Effect
Press Windows+R Open Run Search
Type GPEDIT.MSC Access Policy Editor
Navigate Path Find Configured LSASS Process
Select & Enable Option Activate LSA Protection
Restart Computer Changes Take Effect

 

Using these simple steps, you can easily protect yourself from potential vulnerabilities by enabling LSA protection via the Policy Editor on Windows.

9. Use Registry Editor to Enable LSA

This can be a useful tool if the above solution doesn’t work. Before you make any changes, it’s important to create a backup by clicking File > Export in the Registry Editor.

Then follow these steps:

  • Open the Run Search and use the command ‘regedit’
  • Navigate to ComputerHKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa
  • Look for or create (if necessary) an entry called RunAsPPL with Value Data set to 2
  • Create another entry called RunAsPPLBoot with Value Data set to 2
  • Restart your PC, and hopefully your problem will be solved. If not, try changing RunAsPPLBoot‘s Value Data to 1.

However, if none of this works, then you might need something like Advanced System Optimizer, which can help optimize the Windows registry for better performance.

10. Use the Windows Security app

Try using the Windows Security app to see if it can help secure your PC.

To do this, open the Start Menu and type in ‘Windows Security’ in the search box. Then press Enter and choose Device Security from the left pane.

Under Core isolation, select Core isolation details and enable the toggle under Local Security Authority protection.

A UAC prompt will appear after, so click Yes to confirm.

After restarting your PC, you should be able to use it as normal with some extra security features enabled.

Feature Benefits Drawbacks
Windows Security App Easy to use; Free; Automatically updates security settings for optimal performance Requires a restart of the device; May have compatibility issues with certain hardware/software configurations
Local Group Policy Editor Offers granular control over specific settings; Can manually configure settings for both local and remote computers Requires more in-depth experience with computer systems; Potential for system instability or breakage if configured incorrectly

11. Via the Local Group Policy Editor

Enabling Local Security Authority (LSA) protection via the Group Policy Editor can help increase your device’s security. To do this:

  1. Press Windows + R to open the Run dialog box, and type gpedit. msc, and press Enter.
  2. Navigate to Computer ConfigurationAdministrative TemplatesSystemLocal Security Authority.
  3. Right-click Configure LSASS and select Enable with UEFI Lock.
  4. Click Apply and OK to save changes.
  5. Restart your device.

Remember to create a system restore point before making any policy changes. This will ensure that if something goes wrong, you can revert easily.

Once enabled, restarting at least once should be enough for LSA protection to remain active without further warnings or notifications.

Additionally, signature verification may also cause LSA protection to be off, so make sure it is signed correctly for foolproof security.

If you are still having issues turning it on, why not consult with our PC technicians today!

Final Words: Strengthen Your Defense by Enabling LSA.

Ensuring LSA is enabled can help foolproof your security. The Local Security Authority (LSA) is a feature of the Windows operating system that helps protect it from unauthorized access and malicious activity.

To enable this feature, you must use either the Local Group Policy Editor or the registry editor to configure settings in the Windows registry.

By doing so, you can ensure that all users have restricted access to sensitive data and prevent data theft or corruption.

Security Benefit Description Potential Issues
Data Protection Prevents unauthorised access Configuration errors
System Integrity Monitors system integrity Performance degradation
Access Control Restricts user access to specific resources Inadequate protection
User Authentication Ensures only authorised users are accessing data –> Malicious activity –> Failed authentication attempts

 

Frequently Asked Questions

Are There Any Risks Associated With Disabling LSA?

By disabling it, you may be opening yourself up to malicious attacks like data theft or unauthorized access.

This could lead to serious consequences such as financial loss and damage to your reputation.

It’s essential to weigh the risks carefully before making such a decision.

Does Enabling LSA Make My Device More Secure?

Yes, enabling local security authority protection makes your device more secure.

It helps protect against malicious attackers who may try to access my data or cause other damage.

This protection helps prevent unauthorized users from gaining access and keeps my data safe. It also helps detect any suspicious activity on my device so I can take corrective action if necessary.

Does LSA Have Any Impact on My Device’s Performance?

Yes, using LSA can have an impact on your device’s performance.

It helps protect the system from malicious attacks and unauthorized activities, which can reduce resource utilization.

Additionally, it ensures that any applications or services running on your device are secure and up to date.

This means fewer issues with compatibility or performance when interacting with other apps.

Ultimately, this provides a smoother experience for the user while still keeping their data safe.

Author:
I am a computer engineer holding a bachelor's degree in Computer Science, complemented by a Master's in Business Administration from University of Strathclyde, Scotland. I currently work as a Senior IT Consultant in Melbourne, Australia. With over 15 years of...